Information Security
Glossary A
This glossary contains industry standard and City specific IT terminology. The glossary
should be consulted when policy, issue papers, etc. are drafted to ensure consistent use of terms across the City.
Abend / Application Crash
Abort
Access
Access Control
Access Rights
Accidental Damage
ADSL
Ad Hoc Connectivity
Ad Hoc Device
Ad Hoc User
Analog, Analogue
ANSI
Anti-Virus Program
Archive
Audit Log
Audit Trail
Auditor
Authentication
Authorization
Availability
Abend / Application Crash
Abend (derived from 'abnormal end') is where an application program aborts, or
terminates abruptly and unexpectedly. One of the prime reasons for a thorough
testing of an organization's applications systems is to verify that the software
works as expected. A significant risk to your data is that, if an application
crashes it can also corrupt the data file which was open at the time.
Abort
A computer is simultaneously running multiple programs, each of which
requires the execution of a number of processes, often simultaneously.
However, processes will usually interact with other processes and, due to the
differences in hardware and load on the system, will execute at varying
speeds. A process may abort when it fails to receive the expected input, or is
unable to pass the output to a linked process. When a process aborts, it has the same effect as though that process had crashed. Poorly written applications may freeze/hang when one or more processes abort.
Access
There are two types of access: Physical and Logical.
- Physical Access. The process of obtaining use of a computer system,
for example by sitting down at a keyboard, or of being able to enter
specific area(s) of the Organization where the main computer systems are
located.
- Logical Access. The process of being able to enter, modify, delete,
or inspect records and data held on a computer system by means of providing
an ID and password (if required).
The view that restricting physical access
relieves the need for logical access restrictions is misleading. Any
Organization with communications links to the outside world has a security
risk of logical access. Hackers do not, generally, visit the sites they are
hacking in person; they do it from a distance!
Access Control
Physical, procedural, and/or electronic mechanism which ensures that only those who are authorized to view, update, and/or delete data can access that data.
Access Rights
The powers granted to users to create, change, delete, or simply view data and
files within a system, according to a set of rules defined by IT and business
management. It is not necessarily true that the more senior a person, the more
power is granted. For example, most data capture, essentially creating new
files or transactions, is performed at relatively junior level, and it is not
uncommon for senior management to have access rights only to view data with no
power to change it. There are very good Internal Control and Audit reasons for
adopting this approach.
Accidental Damage
In relation to Information Security, accidental damage refers to damage or loss
that is caused as a result of a genuine error or misfortune. However, despite
the genuine nature of the accident, such incidents can, and should, be prevented
by awareness, alertness and action.
For example, whilst we can all sympathize with the person who has lost their 50
page document through a system crash, there is little excuse for not having made
a suitable backup copy from which to recover the situation.
ADSL
ADSL (Asymmetric Digital Subscriber Line) is
a relatively new technology for transmitting digital information at high speeds,
using existing phone lines (POTS) to homes and business users alike. Unlike the
standard dialup phone service, ADSL provides a permanent connection, at no
additional cost. ADSL was specifically designed to exploit the one-way
nature of most multimedia communication in which large amounts of information
flow toward the user and only a small amount of interactive control information
is returned. Several experiments with ADSL to real users began in 1996. In 1998,
wide-scale installations began in several parts of the U.S. In 2000 and beyond,
ADSL and other forms of DSL are expected to become generally available in urban
areas. With ADSL (and other forms of DSL), telephone companies are competing
with cable companies and their cable modem services.
Ad Hoc Connectivity
Plugging a non-City owned computing device directly into the network or another City owned workstation while on City premises for the purpose of accessing City applications, the Internet, and/or other City data sources.
Ad Hoc Device
A City or non-City owned computing device that has not been connected to the City network for a designated period of time. Because it has not been connected, it is considered "untrusted", and assumed to be out of compliance with current operating system and anti-virus patching levels.
Ad Hoc User
Employees, contractors, business partners, etc. who are not normally authorized users, but have a need, on a temporary basis, to connect to the City network to conduct City business.
Analog, Analogue
A description of a continuously variable
signal or a circuit or device designed to handle such signals. The opposite is
'discrete' or 'digital'. Typical examples are the joysticks or steering wheels
associated with flight and driving simulations or air/space combat games.
ANSI
American National Standards Institute which is the main Organization
responsible for furthering technology standards within the USA. ANSI is also a
key player with the International Standards Organization - ISO.
Anti-Virus Program
Software designed to detect, and potentially eliminate, viruses before they
have had a chance to wreak havoc within the system, as well as repairing or
quarantining files which have already been infected by virus activity.
Archive
An area of data storage set aside for
non-current (old, or historical) records in which the information can be
retained under a restricted access regime until no longer required by law or
Organization record retention policies. This is a field in which computers have
a distinct advantage over older paper files, in that computer files can be
'compressed' when archived to take up far less space on the storage media. Paper
records can only be compressed by using microfilm, microfiche, or, more
recently, by scanning into a computer system. Whichever system is chosen, care
must be exercised to ensure that the records retained meet legal requirements
should it ever be necessary to produce these records in a court of law.
Audit Log
Computer files containing details of amendments to records, which may be
used in the event of system recovery being required. The majority of commercial
systems feature the creation of an audit log. Enabling this feature incurs some
system overhead, but it does permit subsequent review of all system activity,
and provide details of: which User ID performed which action to which files, when,
etc. Failing to produce an audit log means that the activities on the
system are 'lost'.
Audit Trail
A record, or series of records, which allows the processing carried out by a
computer or clerical system to be accurately identified, as well as verifying
the authenticity of such amendments, including details of the users who created
and authorized the amendment(s).
Auditor
Person employed to verify, independently, the quality and integrity of the
work that has been undertaken within a particular area, with reference to
accepted procedures.
Authentication
A systematic method for establishing proof of identity.
Authorization
The process of giving someone permission to do or have something; a system administrator defines for the system which users are allowed access and what privileges they are assigned.
Availability
The assurance that a computer system is accessible by authorized users whenever it is needed or pre-defined.